Usersettings.php rewrite.

2025-08-03 13:17:24 +02:00 · 2016-11-26 13:59:21 -08:00
parent 9b6997686e
commit dd2cebbb3c
1 changed files with 836 additions and 716 deletions
--- a/usersettings.php
+++ b/usersettings.php
@@ -48,21 +48,31 @@ if ((!ADMIN || !getperms("4")) && e_QUERY && e_QUERY != "update" )
 include_lan(e_LANGUAGEDIR.e_LANGUAGE.'/lan_user.php');		// Generic user-related language defines
 include_lan(e_LANGUAGEDIR.e_LANGUAGE.'/lan_usersettings.php');

-
+$ue = e107::getUserExt(); // needed by shortcodes for now.

 require_once (e_HANDLER.'ren_help.php');
-require_once (e_HANDLER.'user_extended_class.php');
 // require_once (e_HANDLER.'user_handler.php');
 require_once(e_HANDLER.'validator_class.php');
-$ue = new e107_user_extended;
-
-$userMethods = e107::getUserSession();
-
-require_once (e_HANDLER.'ren_help.php');


-if(deftrue('BOOTSTRAP')===3)
+
+
+
+class usersettings_front // Begin Usersettings rewrite.
 {
+
+	private $template = array();
+	private $sc = null;
+
+
+	/**
+	 * usersettings_front constructor.
+	 */
+	function __construct()
+	{
+
+		if(deftrue('BOOTSTRAP')===3)
+		{
 			$template = e107::getCoreTemplate('usersettings','', true, true); // always merge

 			$USERSETTINGS_MESSAGE 				= "{MESSAGE}";
@@ -72,69 +82,97 @@ if(deftrue('BOOTSTRAP')===3)
 			$usersettings_shortcodes 			= e107::getScBatch('usersettings');

 			$usersettings_shortcodes->wrapper('usersettings/edit');
-}
-else
-{
+		}
+		else
+		{
+			global $sc_style;
 			include_once (e107::coreTemplatePath('usersettings')); //correct way to load a core template.
 			e107::scStyle($sc_style);
 			$usersettings_shortcodes = e107::getScBatch('usersettings');
-}
+		}
+
+		$this->sc = $usersettings_shortcodes;
+		$this->template = array(
+			'message'           => $USERSETTINGS_MESSAGE,
+			'message_caption'   => $USERSETTINGS_MESSAGE_CAPTION,
+			'edit_caption'      => $USERSETTINGS_EDIT_CAPTION,
+			'edit'              => $USERSETTINGS_EDIT,
+
+		);




-
-
-e107::js('footer-inline',"
+		e107::js('footer-inline',"
 			function addtext_us(sc)
 			{
 				document.getElementById('dataform').image.value = sc;
 			}
 		");

+	}

+	/**
+	 * @param $id
+	 * @return mixed
+	 */
+	private function getTemplate($id)
+	{
+		return $this->template[$id];
+	}

+	/**
+	 * @return bool
+	 */
+	public function init()
+	{
+		$pref               = e107::getPref();
+		$tp                 = e107::getParser();
+		$ue                 = e107::getUserExt();
+		$mes                = e107::getMessage();
+		$sql                = e107::getDb();
+		$ns                 = e107::getRender();
+		$userMethods        = e107::getUserSession();

-$photo_to_delete = '';
-$avatar_to_delete = '';
-$ue_fields = '';
-$promptPassword = false;
-$error = FALSE;
-$extraErrors = array();
-$eufVals = array();
-$savePassword = '';
+		$photo_to_delete    = '';
+		$avatar_to_delete   = '';
+		$ue_fields          = '';
+		$promptPassword     = false;
+		$error              = FALSE;
+		$extraErrors        = array();
+		$eufVals            = array();
+		$savePassword       = '';

+		$inp                = USERID;			// Initially assume that user is modifying their own data.
+		$_uid               = false;			// FALSE if user modifying their own data; otherwise ID of data being modified
+		$adminEdit          = false; // @deprecated		// FALSE if editing own data. TRUE if admin edit

-$inp = USERID;			// Initially assume that user is modifying their own data.
-$_uid = false;			// FALSE if user modifying their own data; otherwise ID of data being modified
-$adminEdit = FALSE;		// FALSE if editing own data. TRUE if admin edit
-
-if(is_numeric(e_QUERY))
-{	// Trying to edit specific user record
+		if(is_numeric(e_QUERY))
+		{	// Trying to edit specific user record
 			if (ADMIN)
 			{	// Admin edit of specific record
-/*
-$_usersettings_matches = Array
-(
+				/*
+				$_usersettings_matches = Array
+				(
 				    [0] => /e107/usersettings.php?# OR /e107/edit/user/#
 				    [1] => e107
 				    [2] => usersettings.php OR edit/user
 				    [3] => ? OR /
 				    [4] => #
-)
-*/
-$inp = intval(e_QUERY);
+				)
+				*/
+				$inp = intval(e_QUERY);

-$usersettings_form_action = strstr('?', $_usersettings_matches[3]) ? e_SELF.'?'.e_QUERY : e_SELF;
+			//	$usersettings_form_action = strstr('?', $_usersettings_matches[3]) ? e_SELF.'?'.e_QUERY : e_SELF;

-$_uid = $inp;
-$info = e107::user($inp);
+				$_uid = $inp;
+				$info = e107::user($inp);
 						//Only site admin is able to change setting for other admins
-if(!is_array($info) || ($info['user_admin'] == 1 && (!defined('ADMINPERMS') || ADMINPERMS !== '0')) || ((!defined('ADMINPERMS') || ADMINPERMS !== '0') && !getperms('4')))
-{
+				if(!is_array($info) || ($info['user_admin'] == 1 && (!defined('ADMINPERMS') || ADMINPERMS !== '0')) || ((!defined('ADMINPERMS') || ADMINPERMS !== '0') && !getperms('4')))
+				{
 					e107::redirect();
 					exit();
-}
+				}
 				$adminEdit = TRUE;		// Flag to indicate admin edit
 			}
 			else
@@ -144,28 +182,24 @@ if(!is_array($info) || ($info['user_admin'] == 1 && (!defined('ADMINPERMS') || A
 				exit();
 			}

-}
+		}



-require_once (HEADERF);
+		// Save user settings (changes only)
+		//-----------------------------------

-
-
-// Save user settings (changes only)
-//-----------------------------------
-
-if (isset($_POST['updatesettings']) || isset($_POST['SaveValidatedInfo']))
-{
-//	$udata = e107::user($inp);	//@deprecated			// Get all the existing user data, including any extended fields
+		if (isset($_POST['updatesettings']) || isset($_POST['SaveValidatedInfo']))
+		{
+		//	$udata = e107::user($inp);	//@deprecated			// Get all the existing user data, including any extended fields

 			$udata = e107::user($inp); // Get all the existing user data, including any extended fields
 			$udata['user_classlist'] = $userMethods->addCommonClasses($udata, FALSE);
-}
+		}


-if (isset($_POST['updatesettings']))
-{
+		if (isset($_POST['updatesettings']))
+		{
 			if (!vartrue($pref['auth_method']))
 			{
 				$pref['auth_method'] = 'e107';
@@ -178,12 +212,13 @@ if (isset($_POST['updatesettings']))
 			}

 			// Uploaded avatar and/or photo
-	if (varset($file_userfile['error']) != 4)
+			if (varset($_FILES['file_userfile']['error']) != UPLOAD_ERR_NO_FILE)
 			{
-		require_once (e_HANDLER.'upload_handler.php');
 				require_once (e_HANDLER.'resize_handler.php');

-		if ($uploaded = process_uploaded_files(e_AVATAR_UPLOAD, 'prefix+ap_'.$tp->leadingZeros($udata['user_id'],7).'_', array('overwrite' => TRUE, 'file_mask'=>'jpg,png,gif,jpeg', 'max_file_count' => 2)))
+				$opts = array('overwrite' => TRUE, 'file_mask'=>'jpg,png,gif,jpeg', 'max_file_count' => 2);
+
+				if ($uploaded = e107::getFile()->getUploaded(e_AVATAR_UPLOAD, 'prefix+ap_'.$tp->leadingZeros($udata['user_id'],7).'_', $opts))
 				{
 					foreach ($uploaded as $upload)
 					{
@@ -237,10 +272,10 @@ if (isset($_POST['updatesettings']))
 			$changedUserData = validatorClass::findChanges($allData['data'], $udata,FALSE);


-e107::getMessage()->addDebug("<h5>Existing User Info</h5>".print_a($udata,true));
-e107::getMessage()->addDebug('<h5>$allData</h5>'.print_a($allData['data'],true));
+			e107::getMessage()->addDebug("<h5>Existing User Info</h5>".print_a($udata,true));
+			e107::getMessage()->addDebug('<h5>$allData</h5>'.print_a($allData['data'],true));

-e107::getMessage()->addDebug("<h5>Posted Changes</h5>".print_a($changedUserData,true));
+			e107::getMessage()->addDebug("<h5>Posted Changes</h5>".print_a($changedUserData,true));

 			// Login Name checks - only admin can change login name
 			if (isset($changedUserData['user_loginname']))
@@ -308,7 +343,7 @@ e107::getMessage()->addDebug("<h5>Posted Changes</h5>".print_a($changedUserData,
 						{
 							if (US_DEBUG)
 							{
-						$admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Usersettings test", "Write back classes; old list: {$udata['user_class']}; new list: ".$nid, false, LOG_TO_ROLLING);
+								e107::getLog()->e_log_event(10, debug_backtrace(), "DEBUG", "Usersettings test", "Write back classes; old list: {$udata['user_class']}; new list: ".$nid, false, LOG_TO_ROLLING);
 							}
 							$changedUserData['user_class'] = $nid;
 						}
@@ -345,50 +380,54 @@ e107::getMessage()->addDebug("<h5>Posted Changes</h5>".print_a($changedUserData,
 					$error = true;
 				}
 			}
-}  // End - update setttings
-elseif (isset($_POST['SaveValidatedInfo'])) // Next bit only valid if user editing their own data
-{
-	if (!$adminEdit && !empty($_POST['updated_data']) && !empty($_POST['currentpassword']) && !empty($_POST['updated_key']))
-	{	// Got some data confirmed with password entry
+		}  // End - update setttings
+		elseif(isset($_POST['SaveValidatedInfo'])) // Next bit only valid if user editing their own data
+		{
+/*			if(!empty($_POST['updated_data']) && !empty($_POST['currentpassword']) && !empty($_POST['updated_key']))
+			{	// Got some data confirmed with password entry*/
 				$new_data = base64_decode($_POST['updated_data']);

-
 				 // Should only happen if someone's fooling around
-		if (md5($new_data) != $_POST['updated_key'] || ($userMethods->hasReadonlyField($new_data) !==false))
+				if ($this->getValidationKey($new_data) !== $_POST['updated_key'] || ($userMethods->hasReadonlyField($new_data) !==false))
 				{
 					echo LAN_USET_42.'<br />';
-			exit();
+					return false;
 				}

 				if (isset($_POST['updated_extended']))
 				{
 					$new_extended = base64_decode($_POST['updated_extended']);
-			if (md5($new_extended) != $_POST['extended_key'])
+
+					if ($this->getValidationKey($new_extended) !== $_POST['extended_key'])
 					{  // Should only happen if someone's fooling around
 						echo LAN_USET_42.'<br />';
-				exit();
+						return false;
 					}
 				}

 				if ($userMethods->CheckPassword($_POST['currentpassword'], $udata['user_loginname'], $udata['user_password']) === false) // Use old data to validate
-
 				{  // Invalid password
-			echo "<br />".LAN_INCORRECT_PASSWORD."<br />";
-			if(!$adminEdit)
-			{
-				require_once (FOOTERF);
+
+					$mes->addError("<p>".LAN_INCORRECT_PASSWORD."</p>");
+					$mes->addError("<a class='btn btn-danger' href='".e107::getUrl()->create('user/myprofile/edit')."'>".LAN_BACK."</a>");
+
+					echo $mes->render();
+					return false;
 				}
-			else
-			{
-				require_once(e_ADMIN."footer.php");
-			}
-			exit();
-		}
-		$changedUserData = unserialize($new_data);
+
+
+				$changedUserData = e107::unserialize($new_data);
+
 				$savePassword = $_POST['currentpassword'];
-		if (!empty($new_extended)) $changedEUFData = unserialize($new_extended);
+
+				if(!empty($new_extended))
+				{
+					$changedEUFData = e107::unserialize($new_extended);
+				}
+
 				unset($new_data);
 				unset($new_extended);
+
 				if (isset($changedUserData['user_sess']))
 				{
 					$photo_to_delete = $udata['user_sess'];
@@ -397,20 +436,20 @@ elseif (isset($_POST['SaveValidatedInfo'])) // Next bit only valid if user editi
 				{
 					$avatar_to_delete = $udata['user_image'];
 				}
+		//	}
 		}
-}
-unset($_POST['updatesettings']);
-unset($_POST['SaveValidatedInfo']);
+		unset($_POST['updatesettings']);
+		unset($_POST['SaveValidatedInfo']);


-// At this point we know the error status.
-// $changedUserData has an array of core changed data, except password, which is in $savePassword if changed (or entered as confirmation).
-// $eufData has extended user field data
-// $changedEUFData has any changes in extended user field data
-$dataToSave = !$error && (isset($changedUserData) && count($changedUserData)) || (isset($changedEUFData['data']) && count($changedEUFData['data'])) || $savePassword;
+		// At this point we know the error status.
+		// $changedUserData has an array of core changed data, except password, which is in $savePassword if changed (or entered as confirmation).
+		// $eufData has extended user field data
+		// $changedEUFData has any changes in extended user field data
+		$dataToSave = !$error && (isset($changedUserData) && count($changedUserData)) || (isset($changedEUFData['data']) && count($changedEUFData['data'])) || $savePassword;

-if ($dataToSave)
-{
+		if ($dataToSave)
+		{
 			// Sort out password hashes
 			if ($savePassword)
 			{
@@ -419,9 +458,9 @@ if ($dataToSave)
 				$changedUserData['user_password'] = $sql->escape($userMethods->HashPassword($savePassword, $loginname), false);
 				if (varset($pref['allowEmailLogin'], FALSE))
 				{
-			$user_prefs = e107::getArrayStorage()->unserialize($udata['user_prefs']);
+					$user_prefs = e107::unserialize($udata['user_prefs']);
 					$user_prefs['email_password'] = $userMethods->HashPassword($savePassword, $email);
-			$changedUserData['user_prefs'] = e107::getArrayStorage()->serialize($user_prefs);
+					$changedUserData['user_prefs'] = e107::serialize($user_prefs);
 				}
 			}
 			else
@@ -439,15 +478,15 @@ if ($dataToSave)
 					}
 				}
 			}
-}
+		}

-if ($dataToSave && !$promptPassword)
-{
+		if ($dataToSave && !$promptPassword)
+		{
 			$inp = intval($inp);


 			// We can update the basic user record now - can just update fields from $changedUserData
-	if (US_DEBUG) { $admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Usersettings test", "Changed data:<br /> ".var_export($changedUserData, true), false, LOG_TO_ROLLING); }
+			if (US_DEBUG) { e107::getLog()->e_log_event(10, debug_backtrace(), "DEBUG", "Usersettings test", "Changed data:<br /> ".var_export($changedUserData, true), false, LOG_TO_ROLLING); }
 			if (isset($changedUserData) && count($changedUserData))
 			{
 				$changedData['data'] = $changedUserData;
@@ -487,6 +526,7 @@ if ($dataToSave && !$promptPassword)
 				{
 					$message .= '<br />Error updating EUF';
 				}
+
 			}

 			// Now see if we need to log anything. First check the options and class membership
@@ -562,12 +602,12 @@ if ($dataToSave && !$promptPassword)
 						$log_action = USER_AUDIT_ADMIN;						// If an admin did the mod, different heading
 						// Embed a message saying who changed the data
 						$changedUserData['message'] = str_replace(array('--ID--', '--LOGNAME--'), array(USERID, USERNAME), LAN_USET_18);
-				$admin_log->user_audit($log_action, $do_log, $udata['user_id'], $udata['user_loginname']);
+						e107::getLog()->user_audit($log_action, $do_log, $udata['user_id'], $udata['user_loginname']);
 					}
 					else
 					{
 						if (count($do_log) > 1) { $log_action = USER_AUDIT_NEW_SET; } // Log multiple entries to one record
-				$admin_log->user_audit($log_action, $do_log);
+						e107::getLog()->user_audit($log_action, $do_log);
 					}
 				}
 			}	// End of audit logging
@@ -576,11 +616,11 @@ if ($dataToSave && !$promptPassword)
 			// Now tidy up
 			if ($photo_to_delete)
 			{	// Photo may be a flat file, or in the database
-		delete_file($photo_to_delete);
+				$this->deleteFile($photo_to_delete);
 			}
 			if ($avatar_to_delete)
 			{	// Avatar may be a flat file, or in the database
-		delete_file($avatar_to_delete);
+				$this->deleteFile($avatar_to_delete);
 			}

 				// If user has changed display name, update the record in the online table
@@ -609,6 +649,9 @@ if ($dataToSave && !$promptPassword)
 			}


+			$USERSETTINGS_MESSAGE =$this->getTemplate('message');
+			$USERSETTINGS_MESSAGE_CAPTION = $this->getTemplate('message_caption');
+
 			if(isset($USERSETTINGS_MESSAGE))
 			{
 				$message = str_replace("{MESSAGE}",$message,$USERSETTINGS_MESSAGE);
@@ -621,11 +664,11 @@ if ($dataToSave && !$promptPassword)

 			$caption = (isset($USERSETTINGS_MESSAGE_CAPTION)) ? $USERSETTINGS_MESSAGE_CAPTION : LAN_OK;

-}	// End - if (!$error)...
+		}	// End - if (!$error)...


-if (!$error && !$promptPassword) 
-{
+		if (!$error && !$promptPassword)
+		{
 			if(isset($_POST) && vartrue($changedUserData['user_name']))
 			{
 				$redirect = e107::getRedirect();
@@ -635,73 +678,124 @@ if (!$error && !$promptPassword)
 				$redirect->redirect($to);
 			}
 			unset($_POST);
-}
+		}


-if ($error)
-{
-	// require_once (e_HANDLER.'message_handler.php');
+		if ($promptPassword) // User has to enter password to validate data
+		{
+			$this->renderPasswordForm($changedUserData,$changedEUFData);
+			return false;
+		}
+
+		
+
+		if ($error)
+		{
+			$message = $this->compileErrors($extraErrors, $allData, $eufVals);
+
+		//	if(!empty($message))
+			{
+				if(deftrue('BOOTSTRAP'))
+				{
+					echo e107::getMessage()->addError($message)->render();
+				}
+				else
+				{
+					$ns->tablerender($caption, $message);
+				}
+			}
+		}
+		else // --- User data has been updated here if appropriate ---
+		{
+
+			$testSessionMessage = e107::getMessage()->get(E_MESSAGE_SUCCESS, 'default', true); // only success in the session
+
+			if($testSessionMessage) $message = implode('<br />', $testSessionMessage); // we got raw message - array
+
+			if(empty($message))
+			{
+				$message = LAN_USET_41; // probably only extended fields updated.
+			}
+
+ 			if(deftrue('BOOTSTRAP'))
+			{
+				echo e107::getMessage()->addSuccess($message)->render();
+			}
+			else
+			{
+				$ns->tablerender($caption, $message);
+			}
+
+		}
+
+
+
+		$this->renderForm($changedUserData);
+
+	}
+
+
+	/**
+	 * @param $extraErrors
+	 * @param $allData
+	 * @param $eufVals
+	 * @return string
+	 */
+	private function compileErrors($extraErrors, $allData, $eufVals)
+	{
 		$temp = array();
+		$userMethods = e107::getUserSession();
+
 		if (count($extraErrors))
 		{
 			$temp[] = implode('<br />', $extraErrors);
 		}
+
 		if (count($allData['errors']))
 		{
 			$temp[] = validatorClass::makeErrorList($allData,'USER_ERR_','%n - %x - %t: %v', '<br />', $userMethods->userVettingInfo);
 		}
+
 		if (vartrue($eufVals['errors']))
 		{
 			$temp[] = '<br />'.validatorClass::makeErrorList($eufVals,'USER_ERR_','%n - %x - %t: %v', '<br />', NULL);
 		}
-	// message_handler('P_ALERT', implode('<br />', $temp));

-	$errorMsg = implode('<br />', $temp);
+		return implode('<br />', $temp);
+

-	if(deftrue('BOOTSTRAP'))
-	{
-		echo e107::getMessage()->addError($errorMsg)->render();	
-	}
-	else 
-	{
-		$ns->tablerender($caption, $message);
 	}


-//	$adref = $_POST['adminreturn'];
-}
-
-
-// --- User data has been updated here if appropriate ---
-$testSessionMessage = e107::getMessage()->get(E_MESSAGE_SUCCESS, 'default', true); // only success in the session
-if($testSessionMessage) $message = implode('<br />', $testSessionMessage); // we got raw message - array
-
-if (isset($message))
-{
-	if(deftrue('BOOTSTRAP'))
+	/**
+	 * @param $string
+	 * @return string
+	 */
+	private function getValidationKey($string)
 	{
-		echo e107::getMessage()->addInfo($message)->render();	
+		return crypt($string, e_TOKEN);
 	}
-	else 
+
+
+	/**
+	 * @param $changedUserData
+	 * @param $changedEUFData
+	 */
+	private function renderPasswordForm($changedUserData, $changedEUFData )
 	{
-		$ns->tablerender($caption, $message);
-	}	
-}
-
-
-$uuid = ($_uid ? $_uid : USERID); // If $_uid is set, its an admin changing another user's data
-
-
-if ($promptPassword)
-{	// User has to enter password to validate data
-	$updated_data = serialize($changedUserData);
-	$validation_key = md5($updated_data);
+		$ns                 = e107::getRender();
+		$updated_data       = e107::serialize($changedUserData,'json');
+		$validation_key     = $this->getValidationKey($updated_data);
 		$updated_data       = base64_encode($updated_data);
-	$updated_extended = serialize($changedEUFData);
-	$extended_key = md5($updated_extended);
+		$updated_extended   = e107::serialize($changedEUFData, 'json');
+		$extended_key       = $this->getValidationKey($updated_extended);
 		$updated_extended   = base64_encode($updated_extended);
-	$text = "<form method='post' action='".e_SELF.(e_QUERY ? "?".e_QUERY : '')."'>
-	<table><tr><td style='text-align:center'>";
+
+		$formTarget = e107::getUrl()->create('user/myprofile/edit');
+
+		$text = "<form method='post' action='".$formTarget."'>
+			<table><tr><td>";
+
 				foreach ($_POST as $k => $v)
 				{
 					if (is_array($v))
@@ -716,43 +810,56 @@ if ($promptPassword)
 						$text .= "<input type='hidden' name='{$k}' value='{$v}' />\n";
 					}
 				}
-		$text .= LAN_USET_21."</td></tr><tr><td>&nbsp;</td></tr>
-		<tr><td style='text-align:center'><input type='password' name='currentpassword' value='' size='30' />";
-			$text .= "<input type='hidden' name='updated_data' value='{$updated_data}' /><input type='hidden' name='updated_key' value='{$validation_key}' />
-			<input type='hidden' name='updated_extended' value='{$updated_extended}' /><input type='hidden' name='extended_key' value='{$extended_key}' />
+
+				$text .= LAN_USET_21."</td></tr>
+				<tr><td>&nbsp;</td></tr>
+				<tr><td>
+
+				<input type='password' class='form-control' name='currentpassword' value='' size='30' />";
+
+				$text .= "
+				<input type='hidden' name='updated_data' value='{$updated_data}' />
+				<input type='hidden' name='updated_key' value='{$validation_key}' />
+				<input type='hidden' name='updated_extended' value='{$updated_extended}' />
+				<input type='hidden' name='extended_key' value='{$extended_key}' />
 				</td></tr>
 				<tr><td>&nbsp;</td></tr>
-		<tr><td style='text-align:center'><input type='submit' name='SaveValidatedInfo' value='".LAN_ENTER."' /></td></tr>
+				<tr><td style='text-align:center'>
+				".e107::getForm()->button('SaveValidatedInfo',1, 'submit', LAN_ENTER)."
+				</td></tr>
 			</table>
-</form>";
-$ns->tablerender(LAN_USET_39, $text);
-if(!$adminEdit)
-{
-	require_once (FOOTERF);
-}
-else
-{
-	require_once(e_ADMIN."footer.php");
-}
-}
+			</form>";


-//--------------------------------------------------------
-// Re-read the user data into curVal (ready for display)
-//--------------------------------------------------------

-$qry = "
-SELECT u.*, ue.* FROM #user AS u
-LEFT JOIN #user_extended AS ue ON ue.user_extended_id = u.user_id
-WHERE u.user_id=".intval($uuid);

-$sql->gen($qry);
-$curVal=$sql->fetch();
-$curVal['user_class'] = varset($changedUserData['user_class'], $curVal['user_class']);
-$curVal['userclass_list'] = $userMethods->addCommonClasses($curVal, FALSE);
+			$ns->tablerender(LAN_USET_39, $text);

-if (vartrue($_POST))
-{     // Fix for all the values being lost when there was an error in a field - restore from the latest $_POST values
+	}
+
+
+	/**
+	 * @param $changedUserData
+	 */
+	private function renderForm($changedUserData)
+	{
+		$sql = e107::getDb();
+		$ns = e107::getRender();
+		$tp = e107::getParser();
+		$userMethods = e107::getUserSession();
+		$uuid = USERID;
+		$qry = "
+		SELECT u.*, ue.* FROM #user AS u
+		LEFT JOIN #user_extended AS ue ON ue.user_extended_id = u.user_id
+		WHERE u.user_id=".intval($uuid);
+
+		$sql->gen($qry); // Re-read the user data into curVal (ready for display)
+		$curVal=$sql->fetch();
+		$curVal['user_class'] = varset($changedUserData['user_class'], $curVal['user_class']);
+		$curVal['userclass_list'] = $userMethods->addCommonClasses($curVal, FALSE);
+
+		if(!empty($_POST))
+		{     // Fix for all the values being lost when there was an error in a field - restore from the latest $_POST values
 			  // (Password fields have intentionally been cleared). If no error, there's an unset($_POST) to disable this block
 			foreach ($_POST as $key => $val)
 			{
@@ -762,64 +869,55 @@ if (vartrue($_POST))
 			{
 				$curVal[$key] = $tp->post_toForm($val);
 			}
-}
-
-//require_once (e_HANDLER."form_handler.php");
-//$rs = new form;
-
-$text = '<form method="post" action="'.vartrue($usersettings_form_action,e_REQUEST_URI).'" id="dataform" class="form-horizontal"  enctype="multipart/form-data" autocomplete="off">';
-
-//$text = (is_numeric($_uid) ? $rs->form_open("post", e_SELF."?".e_QUERY, "dataform", "", " class='form-horizontal' role='form' enctype='multipart/form-data'") : $rs->form_open("post", e_SELF, "dataform", "", " class='form-horizontal' role='form' enctype='multipart/form-data'"));
-
-if (e_QUERY == "update")
-{
-	$text .= "<div class='fborder' style='text-align:center'><br />".str_replace("*", "<span class='required'>*</span>", LAN_USET_9)."<br />".LAN_USET_10."<br /><br /></div>";
-}
-
-// e107::scStyle($sc_style);
-e107::getScBatch('usersettings')->setVars($curVal);
-
-$text .= $tp->parseTemplate($USERSETTINGS_EDIT, true, $usersettings_shortcodes); //ParseSC must be set to true so that custom plugin -shortcodes can be utilized. 
-
-
-$text .= "<div><input type='hidden' name='_uid' value='{$uuid}' /></div>
-</form>
-";
-
-$caption = (isset($USERSETTINGS_EDIT_CAPTION)) ? $USERSETTINGS_EDIT_CAPTION : LAN_USET_39; // 'Update User Settings'	
-
-$ns->tablerender($caption, $text);
-
-if(!$adminEdit)
-{
-	require_once (FOOTERF);
-}
-else
-{
-	require_once(e_ADMIN."footer.php");
-}
-
-
-
-
-// If a field is required, returns a red asterisk
-function req($field)
-{
-	$ret = "";
-	if ($field == 2)
-	{
-		$ret = "<span class='required'> *</span>";
 		}
-	return $ret;
-}
+
+		$text = '<form method="post" action="'.vartrue($usersettings_form_action,e_REQUEST_URI).'" id="dataform" class="form-horizontal"  enctype="multipart/form-data" autocomplete="off">';
+
+		//$text = (is_numeric($_uid) ? $rs->form_open("post", e_SELF."?".e_QUERY, "dataform", "", " class='form-horizontal' role='form' enctype='multipart/form-data'") : $rs->form_open("post", e_SELF, "dataform", "", " class='form-horizontal' role='form' enctype='multipart/form-data'"));
+
+		if (e_QUERY == "update")
+		{
+			$text .= "<div class='fborder' style='text-align:center'><br />".str_replace("*", "<span class='required'>*</span>", LAN_USET_9)."<br />".LAN_USET_10."<br /><br /></div>";
+		}
+
+		// e107::scStyle($sc_style);
+		e107::getScBatch('usersettings')->setVars($curVal);
+
+		$USERSETTINGS_EDIT = $this->getTemplate('edit');
+		$USERSETTINGS_EDIT_CAPTION = $this->getTemplate('edit_caption');
+
+		$text .= $tp->parseTemplate($USERSETTINGS_EDIT, true, $this->sc); //ParseSC must be set to true so that custom plugin -shortcodes can be utilized.


-// Delete a file from the public directories. Return TRUE on success, FALSE on failure.
-// Also deletes from database if appropriate.
-function delete_file($fname, $dir = 'avatars/')
-{
-	return;
+		$text .= "<div><input type='hidden' name='_uid' value='{$uuid}' /></div>
+		</form>
+		";
+
+		$caption = (isset($USERSETTINGS_EDIT_CAPTION)) ? $USERSETTINGS_EDIT_CAPTION : LAN_USET_39; // 'Update User Settings'
+
+		$ns->tablerender($caption, $text);
+
+
+
+
+
+	}
+
+
+
+
+	//
+	/**'
+	 * todo review and remove method if deemed appropriate
+	 * Delete a file from the public directories. Return TRUE on success, FALSE on failure.
+	 * Also deletes from database if appropriate.
+	 * @param $fname
+	 */
+	private function deleteFile($fname)
+	{
 		/*
+		 $dir = 'avatars/';
+
 		$sql = e107::getDb();
 		$tp = e107::getParser();

@@ -837,5 +935,27 @@ function delete_file($fname, $dir = 'avatars/')
 		}
 		return false;
 		*/
+	}
+
 }

+$us = new usersettings_front;
+require_once (HEADERF);
+$us->init();
+require_once (FOOTERF);
+
+
+
+// If a field is required, returns a red asterisk
+function req($field)
+{
+	$ret = "";
+	if ($field == 2)
+	{
+		$ret = "<span class='required'> *</span>";
+	}
+	return $ret;
+}
+
+
+